almalinux

ALSA-2022:5813: vim security update (Moderate)

Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): * vim: Out-of-bounds Write (CVE-2022-1785) * vim: out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897) * vim: buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927) For more details...

7.5 CVSS

2022-08-03T00:00:00

almalinux

ALSA-2022:5818: openssl security update (Moderate)

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: c_rehash script allows command injection (CVE-2022-1292) * openssl: the c_rehash script...

10.0 CVSS

2022-08-03T00:00:00

almalinux

ALSA-2022:5809: pcre2 security update (Moderate)

The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Security Fix(es): * pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c...

6.4 CVSS

2022-08-03T00:00:00

almalinux

ALSA-2022:5819: kernel security and bug fix update (Important)

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012) * kernel: a use-after-free write in the netfilter subsystem can lead...

7.2 CVSS

2022-08-03T00:00:00

almalinux

ALSA-2022:5826: mariadb:10.5 security, bug fix, and enhancement update (Moderate)

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera (26.4.11), mariadb (10.5.16). Security Fix(es): * mariadb: MariaDB through 10.5.9 allows attackers to trigger a...

5.0 CVSS

2022-08-02T00:00:00

almalinux

ALSA-2022:5823: 389-ds:1.4 security update (Moderate)

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): * 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918)...

5.0 CVSS

2022-08-02T00:00:00

almalinux

ALSA-2022:5821: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate)

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

5.0 CVSS

2022-08-02T00:00:00

almalinux

ALSA-2022:5774: thunderbird security update (Important)

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.12.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505) * Mozilla: Directory indexes for bundled resources reflected URL parameters...

2022-08-01T00:00:00

almalinux

ALSA-2022:5777: firefox security update (Important)

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.12.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505) * Mozilla: Directory indexes for...

2022-08-01T00:00:00

almalinux

ALSA-2022:5779: ruby:2.5 security update (Moderate)

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): * ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817) * ruby: Cookie prefix...

5.0 CVSS

2022-08-01T00:00:00

almalinux

ALSA-2022:5775: go-toolset:rhel8 security and bug fix update (Important)

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang:...

2022-08-01T00:00:00

almalinux

ALSA-2022:5717: grafana security update (Important)

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * grafana: OAuth account takeover (CVE-2022-31107) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

2022-07-26T00:00:00

almalinux

ALSA-2022:5696: java-1.8.0-openjdk security, bug fix, and enhancement update (Important)

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk (1.8.0.342.b07). (BZ#2084648) Security Fix(es): * OpenJDK: integer truncation...

2022-07-25T00:00:00

almalinux

ALSA-2022:5683: java-11-openjdk security, bug fix, and enhancement update (Important)

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-11-openjdk (11.0.16.0.8). (BZ#2084649) Security Fix(es): * OpenJDK: integer truncation issue in...

2022-07-21T00:00:00

almalinux

ALSA-2022:5597: pandoc security update (Important)

Pandoc is a markdown/markup conversion tool. The version of pandoc in AlmaLinux 8 CRB uses cmark-gfm (GitHub's extended version of the C reference implementation of CommonMark) for parts of its conversion. The update, fixes CVE-2022-24724: an integer overflow in cmark-gfm's table row parsing which...

7.5 CVSS

2022-07-18T00:00:00

almalinux

ALSA-2022:5564: kernel security, bug fix, and enhancement update (Important)

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

2022-07-13T00:00:00

almalinux

ALSA-2022:5526: squid:4 security update (Important)

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es): * squid: DoS when processing gopher server responses (CVE-2021-46784) For more details about the security issue(s), including the impact, a CVSS score,...

2022-07-07T00:00:00

almalinux

ALSA-2022:5314: expat security update (Moderate)

Expat is a C library for parsing XML documents. Security Fix(es): * expat: stack exhaustion in doctype parsing (CVE-2022-25313) * expat: integer overflow in copyString() (CVE-2022-25314) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other...

5.0 CVSS

2022-06-30T00:00:00

almalinux

ALSA-2022:5316: kernel security and bug fix update (Important)

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666) * kernel: out-of-bounds read in fbcon_get_font function (CVE-2020-28915) For more details about the security issue(s),...

6.1 CVSS

2022-06-30T00:00:00

almalinux

ALSA-2022:5319: vim security update (Moderate)

Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): * vim: heap buffer overflow (CVE-2022-1621) * vim: buffer over-read (CVE-2022-1629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

6.8 CVSS

2022-06-30T00:00:00

affectedPackage.OS:"almalinux" AND affectedPackage.OSVersion:8

ALSA-2022:5813: vim security update (Moderate)

ALSA-2022:5818: openssl security update (Moderate)

ALSA-2022:5809: pcre2 security update (Moderate)

ALSA-2022:5819: kernel security and bug fix update (Important)

ALSA-2022:5826: mariadb:10.5 security, bug fix, and enhancement update (Moderate)

ALSA-2022:5823: 389-ds:1.4 security update (Moderate)

ALSA-2022:5821: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate)

ALSA-2022:5774: thunderbird security update (Important)

ALSA-2022:5777: firefox security update (Important)

ALSA-2022:5779: ruby:2.5 security update (Moderate)

ALSA-2022:5775: go-toolset:rhel8 security and bug fix update (Important)

ALSA-2022:5717: grafana security update (Important)

ALSA-2022:5696: java-1.8.0-openjdk security, bug fix, and enhancement update (Important)

ALSA-2022:5683: java-11-openjdk security, bug fix, and enhancement update (Important)

ALSA-2022:5597: pandoc security update (Important)

ALSA-2022:5564: kernel security, bug fix, and enhancement update (Important)

ALSA-2022:5526: squid:4 security update (Important)

ALSA-2022:5314: expat security update (Moderate)

ALSA-2022:5316: kernel security and bug fix update (Important)

ALSA-2022:5319: vim security update (Moderate)